Privacy policy

 

Information security and data protection is a priority for our company. This privacy policy details our commitment to protecting your personal data in accordance with the relevant legislation.

I. Who will process your personal data?

 

Data controller: SAVARIA-DENT Kft.

Registered seat: 9700 Szombathely, Dr. Szabolcs Zoltán u 5. A. ép.

Tax ID: 10512045-2-18

Phone number: +36 94 505 840

Email address: info@savariadent.hu 

Represented by: András Gál, managing director

II. General terms

2.1. What is personal data?

Personal data means any information relating to you as an identified or identifiable natural person.

Such personal data is your name, identification number, location data, online identifier or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

2.2. What is data processing?

Processing means any operation or set of operations which is performed on personal data or on sets of personal data.

Examples for processing include collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.3. Who may process your personal data?

Our company processes your personal data as a data controller.

A data controller is a natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Our company may engage the services of data processors while processing your personal data.

A data processor means a natural or legal person which processes personal data on behalf of us, the controller.

Such data processors are external accountants, IT maintenance, lawyers, etc.

2.4. What is the purpose of data protection and this privacy policy?

The purpose of data protection is for data controllers and data processors to process your personal data in compliance with the relevant legislation, and to inform you of your rights, as well as to be accountable of compliance.

 

 

 

III. How, why and for how long does our company process your data?

 

Purpose of processing	Description of processing	Types of personal data processed and their origin	Legal basis of processing	Duration of processing
Job applications	Our company processes the personal data provided to us by the solicited and unsolicited CV-s and other documents attached to the job application. The purpose of data processing is to notify the applicant of any job opportunities matching their qualifications and interests, as well as making an appointment with the applicant and performing the application procedure.	The personal data and contact information (e-mail address, phone number) provided by the applicant to us in the CV and other attached documents.   We may check the public profiles of the applicants on social media sites (however, we do not save, store or forward any personal data in connection with this).	The legal basis of processing personal data is the legitimate interest of our company [GDPR Art. 6. Sect. (1) Par. f)].   You may request a copy of the legitimate interest test performed with regards to the job applications via e-mail or in person at our offices.	For an announced position: In case of a successful application the duration of the employment, in case of an unsuccessful application for 3 (three) months after the hiring is concluded or until the request of the applicant to delete their personal data. For an unsolicited application: for 3 (three) months after the application is sent or at the time the request of the applicant is made to delete their personal data.
Questions, inquires and quotations	In connection with inquiries and quotation requests made by other companies or by us in person, via e-mail or over the phone, our company shall process the personal data provided to us or by us in the questions, inquires and quotations or answers by the data subject. The purpose of data processing is establishing and staying in contact, as well as providing information and quotation to the interested party so that they may engage our services or we may engage theirs.	The personal data provided to us or by us in the questions, inquires and quotations by or to the data subject, as well as any contact (telephone number, e-mail address) and other information necessary to enter into a contract.	In the event the parties enter into a contract as a result of the questions, inquires and quotations is the entering into and performance of contract between data subject and our company [GDPR Art. 6. Sect. (1) Par. b)]. In the event the parties do not enter into a contract as a result of the questions, inquires and quotations is the legitimate interest of our company [GDPR Art. 6. Sect. (1) Par. f)].	In the event a contract is not entered into, our company processes the personal information for 5 (five) years in accordance with the limitation of claims pursuant to the Civil Code.   If a contract is entered into then the duration of the processing is as described below.
Contracts	The company processes the data of other business entities and their employees that is necessary for the entering into and performance of the contract between a client or a supplier and our company.	The personal data enclosed in the contract and the contact information (telephone number, e-mail address) necessary for the performance of the contract, as well as any additional data required to issue an invoice in accordance with the Accounting Act.	The legal basis of processing personal data is the performance of contract between data subject and our company [GDPR Art. 6. Sect. (1) Par. b)].	The duration of data processing is 8 (eight) years after the performance of the contract pursuant to the preservation obligation of the bills issued by the Company under the Accounting Act.
Electronic surveillance	Our company operates an electronic surveillance and recording system (CCTV) at its registered seat and other premises (indicated by notices and pictograms). The electronic surveillance system monitors the internal area of the site.   The purpose of the data processing is personal and property protection.	The camera system only records the picture and actions of the people entering the areas (the system does not have voice recording capabilities).   The source of the personal data is the data subject.   The surveillance system is operated by us, no data processors are engaged in this process.	The legal basis of processing personal data is the legitimate interest of our company [GDPR Art. 6. Sect. (1) Par. f)].   You may request a copy of the legitimate interest test performed with regards to the electronic surveillance via e-mail or in person at our registered seat.	The duration of the processing is at most 30 (thirty) days from the date of the recordings, after this period the recordings shall be deleted automatically.
Webinars	Our company organizes trainings on topics related to its economic activities in the framework of webinars with the involvement of external experts as speakers.   The purpose of data processing is to hold webinars.	The processed personal data is the live and recorded image and voice of the person teaching at the webinar, as well as the voice of the participants in the webinar in connection with any questions, and if the participants display their image during the question, their image.   The source of personal data is the data subject.	The legal basis of processing personal data is the performance of contract between data subject and our company [GDPR Art. 6. Sect. (1) Par. b)].	The duration of data processing is 8 (eight) years after the performance of the contract pursuant to the preservation obligation of the bills issued by the Company under the Accounting Act.
Direct marketing for businesses without prior business relations	Our company uses direct marketing to reach business entities with no prior business relations with us (“cold” businesses) in the sale of our products and services. In connection with this activity, we do not gather, process or utilize personal data, only the publicly available company and economic data of business entities, as well as generic business e-mail addresses that cannot be traced back to one identified or identifiable natural person.
Direct marketing for businesses with prior business relations	Our company processes the e-mail addresses of the businesses that requested quotations and our contractual partners in order to use these electronic contact information for direct sales of similar products or services to the customer.	The name and e-mail address of the natural person or the natural person employee of the business enterprise with an existing business relation with our company.	The legal basis of processing personal data is the consent of the data subject [GDPR Art. 6. Sect. (1) Par. a)]. Our company makes it a priority to comply with the provisions of § 6 of the Business Advertising Activity Act and paragraph 13 of the E-Privacy Directive. You may read about this in our balancing test on our website.	Our company processes the personal information until such time that the data subject requests their deletion. The option to unsubscribe is indicated in every direct marketing message.

IV. Who do we share your personal data with?

 

Our company will never forward, sell or make your personal data available in any other way to third parties. We do not forward personal information to third countries or international organizations. However, we may need to share some information, including personal data, we obtain from your use of our service in the following circumstances.

 

1. Complying with legal requirements

Our company may transmit personal data if the applicable legal provisions so require, or when such action is necessary to comply with any laws, including to meet national security or law enforcement requirements. In this case the legal basis of forwarding the personal data is to comply with the legal obligations of our company [GDPR Art. 6. Sect. (1) Par. c)].

 

2. Protection of our claims, rights and interests

We may also need to share personal data for the protection of our rights and interests, in accordance with the applicable laws. In this case the legal basis of forwarding the personal data is the legitimate interest of our company [GDPR Art. 6. Sect. (1) Par. f)].

 

3. Using third-party service providers

Our company uses a data processor that provides contract security services to us. The data processor may only access your personal data in compliance with the purpose and legal basis of the data processing, as well as the relevant legislation.

 

1. Tóth Anita Mária independent contractor (registered seat: 9700 Szombathely, Akacs Mihály utca 68.; tax ID: 65859843-1-38)

This entrepreneur provides accounting and payroll services to us, thus acts as a data processor with regards to the personal data of our employees, natural person clients and employees of our clients (name, position, phone number, e-mail address).

 

2. D B és B AUDIT Kft. (registered seat: 9700 Szombathely, Szent Flórián krt 2.; tax ID: 11315889-2-18)

This company provides financial auditing services to us, thus acts as a data processor with regards to the personal data of our employees, narutal person clients and employees of our clients (name, position, phone number, e-mail address).

 

3. CE Certiso Kft. (registered seat: 2092 Budakeszi, Erdő utca 101.; tax ID: 23147049-2-13)

This company carries out the audit procedure required for the certification of the ISO quality management system at our company, and may be considered as a data processor in connection with the inspection and certification process during which it may access documents related to personal data of our company's employees, contractual partners and social security-funded or non-social security patients (eg. prescriptions, worksheets, etc.)

 

4. Kovács Péter independent contractor (registered seat: 9700 Szombathely, Hattyú utca 6/e.; tax ID: 53523206-1-38)

This entrepreneur provides our company with administrator services in connection with the IT system used by our company, and software development and operation services in connection with the corporate governance system used by our company, accordingly it acts as a data processor for personal data stored in the IT system and the corporate governance system.

 

5. BYG-MODELL Kft. (registered seat: 9700 Szombathely, Welther Károly utca 32. 1. em. 4.; tax ID: 23860647-1-18)

This company develops and operates for our company the software used to submit reports to the social security bodies, which are mandatory for our company according to the law, and accordingly acts as a data processor with regard to the personal data processed and stored in this system.

 

 

 

 

6. Vörös Zsolt independent contractor (registered seat: 9700 Szombathely, Csillag utca 27.; tax ID: 74515338-1-38)

This entrepreneur develops and operates the software used for accounting and invoicing as well as inventory accounting for our company, as such itmay carry out data processing activities regarding personal data processed in connection with accounting, invoicing and inventory.

V. In what cases do we process your personal data on behalf of other companies?

 

Our company provides the production of medical devices (orthodontic appliances) for the companies commissioning us (dentists) as data controllers, during which the personal data (health data) of the patients of the referring physician is processed by us as data processors according to the rules set by the data controller and legislation.

 

1. Data controllers: customers (treating physicians, dentist) of medical devices (typically orthodontic appliances) as data controllers.

 

2. Legal basis and purpose of data processing: the entering into and performance of contract between our company as data processors and the data controllers [GDPR Art. 6. Sect. (1) Par. b)].

 

3. Data subjects: patients of the physicians ordering medical devices (typically orthodontic appliances) from our company.

 

4. Processed personal data: The personal data contained in the accounting documents and supporting documents (eg. contracts, orders) in accordance with the Accounting Act and personal data processed in connection with patients' prescriptions and imprints (and the personal data processed on them).

 

5. Duration of data processing: Our company stores the prescriptions for the completed medical devices for 5 (five) years in accordance with article 30. § paragraph (7) of Eüak., while the production sheets are kept for 10 (ten) years after the production according to point 4 of Annex XIII. of the c)  MDR Regulation.

 

6. Forwarding of personal data: If necessary, our company forwards to the competent authorities (social security bodies) the personal data required by law or included in the decision to provide individual data. In these cases, the legal basis for the transfer of data is the fulfillment of the obligations specified in the legislation governing our company [Article 6 (1) GDPR. (c)].

 

Our company has reviewed the data processing activities and processes listed above, so if you make such a request to us, our company will provide you with information on whether we process your personal data as a data processor on behalf of another company.

VI. When do we process your personal data on behalf and in the name of another companies?

 

Our company provides services in designing, developing and operating e-learning systems to our clients, where we process the personal data that our client stores in the system based on the instructions of our client as well as the relevant legislation. These personal data usually are the name, e-mail address and password of the data subject for the registration, as well as the certificate, study time, progress, start and end date of the training program.

 

Our company has assessed all its data processing activities and processes. If you send us an inquiry, we will promptly inform you whether we process your personal data as a data processor in the name of a data controller.

VII. How do we protect your data?

 

1. Security

We take appropriate technical and organizational measures to protect your personal data against loss or other forms of unlawful processing. Our company makes every effort to comply with the best practices of information security.

 

2. Confidentiality

We undertake the obligation of confidentiality with all contractual partners. This confidentiality applies to the personal data processed in relation to the contract between our company and our contractual partner.

 

 

 

VIII. What are your rights with regard to us processing your personal data?

 

8.1. Information and access to personal data

 

You may request the company in writing to provide information as to:

1. the personal data processed by our company regarding you, as well as
2. the legal basis of the processing,
3. the purpose of the processing,
4. from which source the personal data originate,
5. the duration of the processing,
6. to whom our company forwards the personal data and its legal basis.

 

We shall comply with your request within 15 (fifteen) days by electronic or postal mail to the address you provided. Prior to complying with the request our company may ask you to further specify the request or the data processing activities.

 

If your right to obtain information as described above adversely affects the rights and freedoms of others (especially regarding trade secrets and intellectual property rights) we are entitled to refuse to comply with the request in the necessary and proportionate amount.

 

In the event you request the above information in multiple copies, our company is entitled to bill a proportionate and reasonable amount of money in connection with the administrative costs of fulfilling the request. If the personal data indicated by you is not processed by us, we shall nevertheless inform you of this fact.

 

8.2. Right to rectification

 

You shall have the right to obtain from our company without undue delay the rectification of inaccurate, incorrect or incomplete personal data concerning you. We shall correct the inaccurate or inaccurate data immediately, but no later than within 5 (five) days. If it does not conflict with the purposes of the processing, we may complete the incomplete personal data by means of a supplementary statement provided by you. We shall notify you of the above by electronic or postal mail to the address you provided.

 

Our company shall be exempted from complying with the request for rectification if

1. the accurate, correct and complete personal data are not available and you do not provide those to us, or
2. if the validity of the personal data provided by you cannot be established.

 

8.3. Right to erasure („right to be forgotten”)

 

You shall have the right to request from us the erasure of any personal data relating to the data subject. You shall make the request in writing with specifying the personal data to be erased and the reason for the erasure.

 

The fulfilment of the request shall only be denied by our company in case the processing of the personal data is obligatory for us by law. Should we not be obligated by law to process the personal data then we shall comply with the request no later than within 15 (fifteen) days and inform you by electronic or postal mail to the address you provided.

 

8.4. Right to restriction of processing

 

You may request our company the restriction of processing the personal data in writing. The restriction shall apply until the reasons you specified make it necessary. You may request the restriction of processing if:

1. the accuracy of the personal data is contested by you (for a period enabling the controller to verify the accuracy of the personal data);
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. we no longer need the personal data for the purposes of the processing, but we are required by you for the establishment, exercise or defence of legal claims;
4. you have objected to processing pending the verification whether our legitimate grounds as the controller override those of yours as the data subject.

 

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.  

 

If you have obtained restriction of processing, you shall be informed by our company before the restriction of processing is lifted.

 

After complying with the request of restriction our company shall inform of that fact any persons or legal entities to whom we have lawfully forwarded your personal data, unless such a task is impossible or would require unproportionate effort from our company.

 

8.5. Right to object

 

If the processing of your data is based on a legitimate interest, you must be provided with the appropriate information regarding the processing of the data and your right to exercise the right to protest. This right must be expressly brought to your attention at the latest when you first contact us.

 

You have the right to object to the processing of your personal data on this basis, in which case our company may no longer process the personal data of the data subject unless it can be proved that

1. the processing of the data by our company is justified by compelling legitimate reasons which take precedence over your interests, rights and freedoms, or
2. the data processing is related to the submission, enforcement or protection of the legal claims of our company.

 

8.6. Right to data portability

 

You have the right to receive personal data about you provided by you to our company in a structured, widely used, machine-readable format (eg. by e-mail) and to transfer this data directly to another data controller. In case of exercising the right to data portability, our company will comply with your request primarily by means of an email attachment in .pdf format.

 

8.7. Right to an effective remedy

 

8.7.1. Dispute resolution with the Company

 

You may announce your request regarding information, rectification, erasure and restriction in person or in writing at any addresses of our company provided in Section I.

8.7.2. Right to complaint

 

In the event the dispute resolution with us proved unsuccessful or you deem that your rights listed above were violated or a direct risk of such violation exists, you are entitled to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.

 

Contact information of the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)

Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Mailing address: 1530 Budapest, Pf. 5

Telephone: +36(1)3911400

Telefax: +36(1)3911410

E-mail address: ugyfelszolgalat@naih.hu

Website: http://naih.hu

 

8.7.3. Right to a court

 

You – regardless of your right to complaint – may file an action with the courts if your rights under the GDPR and the Privacy Act have been violated.

 

Any action against our company may only be filed with a Hungarian court.

 

You may file the action with the court of your jurisdiction. The Courts of Hungary and their jurisdiction are available at the following link: http://birosag.hu/torvenyszekek

 

The legislation referenced in this privacy policy:

1. Eüak.: Act XLVII of 1997 on the processing and protection of health and related personal data
2. GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
3. MDR Regulation: REGULATION (EU) 2017/745 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 5 April 2017 on medical devices, amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009 and repealing Council Directives 90/385/EEC and 93/42/EEC
4. Privacy Act: Act CXII of 2011 on Informational Self-Determination and Freedom of Information
5. Accounting Act: Act C of 2000 on Accounting
6. Civil Code: Act V of 2013 on the Civil Code